Privacy Policy

1. INTRODUCTION

By applying for our affiliate program, you agree to be bound by this Privacy Policy.

This Privacy Policy describes how we collect, use, process, and disclose your information.

The "Data Controller" is the company that determines the purposes and means of the processing of personal data under this Privacy Policy.

INTERSTORM (CURACAO) N.V. acts in its capacity of data controller in terms of the EU Regulation 2016/67, determining the purposes and means of the processing of your personal data.

For the purpose of this policy, the use of "we," "us," or "our," refers to the company that is responsible for your information under this Privacy Policy.

Please see Section 7 for contact details of the Data Controllers.

2. INFORMATION WE COLLECT

When you sign up to become an Affiliate, we ask for and collect your username, the url of your website, your email address, your Country and your currency.

After you are approved as an Affiliate, we collect your name, address, date of birth, phone number and in some cases your Skype id.

3. HOW WE USE INFORMATION WE COLLECT

The information you provide us is necessary for the adequate performance of the contract between you and us, in particular to enforce our Terms & Conditions, including notifying you with any changes of them.

In some cases, we may use your data also to:

• contact you in relation to promotions, products or services that you may be interested in from time to time, but only where you have consented to receive such marketing communications.

• carry out certain profiling of you in order to personalise, measure, and improve our marketing and to send you more relevant marketing communications.

In such cases we will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest.
You can always opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings
within your interface.

4. SHARING AND DISCLOSURE

We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties,
if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations,
(ii) to comply with legal process and to respond to claims asserted against us, (iii) to respond to requests relating to a criminal investigation or alleged
or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability.

The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights and proper protection of our business against risks.

4.2. THIRD PARTIES SERVICE PROVIDERS

We may a variety of third party service providers to help us provide services related to the affiliate program. Service providers may be located inside or outside of the European Economic Area ("EEA").

These providers have limited access to your information and are contractually bound to protect and to use it on our behalf only for the purposes for which it was disclosed and consistent with this Privacy Policy.

We may share some of your information with such third parties service providers in order to ensure the adequate performance of our contract with you, for our legitimate interest and to comply with our legal obligations. We will require your consent when needed.

You can always contact us to receive the full list of our service providers which process your data.

4.3. CORPORATE AFFILIATE

We may share your information, including personal information, to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries)
insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

4.4. BUSINESS TRANSFERS

If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

5. DATA SUBJECT RIGHTS

Under the General Data Protection Regulation, you have the right to access, rectify, port and delete some of your data. You also have the right to object to and restrict certain processing
of your data. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

You may exercise any of the rights described in this section before your Data Controller by sending an email to . Please note that we may ask you to verify your identity
before taking further action on your request.

Please be aware that whilst we will try to accommodate any request you make in respect of your rights they are not absolute rights. This means that we may have to refuse your request
or may only be able to comply with it in part.

5.1. MANAGING YOUR INFORMATION

You may access and update some of your information through your Interface settings. You are responsible for keeping your personal information up-to-date.

5.2. RECTIFICATION OF INACCURATE OR INCOMPLETE INFORMATION

You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Interface).

5.3. DATA ACCESS AND PORTABILITY

You have the right to access your personal data held by us and a right to receive certain personal data in a structured, commonly used, and machine-readable format and/or request us
to transmit this information to another service provider (where technically feasible).

5.4. DATA RETENTION AND ERASURE

We will retain your personal data for the period necessary to perform the contract between you and us and to comply with our legal obligations. Where it is no
longer necessary to process your personal data, it will be deleted. Please note, however, that we may be subject to legal and regulatory requirements to keep personal data for a
longer period.

You have the right to have certain personal data erased where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to
paragraph 5.5, where you have objected pursuant to paragraph 5.6, where your personal data has been unlawfully processed, or where erasing your personal data is required
in accordance with a legal obligation;

Please note that if you request the erasure of your personal information:

a. We can retain and use your personal information to the extent necessary to comply with our legal obligations.

b. We can retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.

c. Information that we receive about you can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental
investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm.

5.5. WITHDRAWING CONSENT AND RESTRICTION OF PROCESSING

Where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent at any
time by changing your Interface settings or by sending a communication to specifying which consent you are withdrawing. Please note that the withdrawal of your consent does
not affect the lawfulness of any processing activities based on such consent before its withdrawal.

Additionally, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information;
(ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require
the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to next section and pending the verification whether the legitimate
grounds of the Data Controller override your own.

5.6. OBJECTION TO PROCESSING

You have the right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other
relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;

You also have the right to object to direct marketing, which can be done by opting-out of direct marketing either via your Interface settings or by opting out via the communication itself.
You also have a right to object to any profiling to the extent that it relates to direct marketing only.

5.7. LODGING COMPLAINTS

You have the right to lodge complaints about the data processing activities carried out by the Data Controller before the competent data protection authorities.
Please refer to Section 7 for further information.

6. OVERSEAS TRANSFER OF YOUR INFORMATION

To facilitate our global operations, we may transfer, store, and process your information within our family of companies or share it with service providers based outside Europe
for the purposes described in this Privacy Policy.

If we do transfer your Personal Data outside of the EEA, within the group or to our business partners, we will take all reasonable steps to ensure that adequate measures
are in place to keep your personal data as secure as it is within the EEA and in accordance with this Privacy Policy, by relying on the use of standard contractual clauses or binding
corporate rules or any other acceptable method that ensures a protection of your data to the standard required within the EEA.

You can always contact us to receive the full list of our service providers outside of the EEA which process your data.

7. CONTACT US

If you have questions about this Policy or our information handling practices, or If you are seeking to exercise any of your rights under the General Data Protection Regulation,
please contact our Data Protection Officer at: .